
Linux-based gateway via floppy

Is anyone using (and/or has anyone found compromises in) either one of these? If so, what's the diagnosis? Are they secure enough to protect a box for web services (on one network) and also my LAN with a second NIC? Or would I be casting my pearls?

If it is safe, I'll yank the FreeBSD gateway I'm using now and set it up for another project that I'm wanting to experiment with (DNS Services on OpenBSD). If not, I'll have to cough up the green and get another system (which I'd rather not do because this is only a temporary project ... probably won't last more than four months or so).

Any thoughts on this? I'm just trying not to learn things the "too hard" way.

Rev

Many will ask, "Where do you want to go today?" because they're still scratching for ideas.

With *NIX, there's already a way. The sum of us just need roadmaps to get there.

Hmmm... basically Link-Sys Router on a floppy? Well... I haven't had direct experience with these, but I've done nasty things (in the past) and burned BSD-like OS' to a CDROM and run them off of there. Yeah, it's a bit of a trick - and might be more than you wanted to do in this instance (you get to do neat little things like relocate swap, /var and other highly dynamic stuff into memory - or at least to a writeable disk (much better for the preservation of said logs... LOL)). This tends to have a side-effect, however, of needing two systems... one to come up with the system on and the other being the actual system.

I'd further venture that you could likely do the same with an OpenBSD floppy... though I think that still wants two floppies to get its kernel and RAM disk loaded.

Blah, it's late... I should be thinking like this at this hour (or at least trying to make sense out of my writing)

"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take effect. Reboot now?"

Thanks... I should have known that it would be a bad idea, I just didn't give it enough thought (my brain was fried, I think)... So I guess I'll cough up another 75 to get enough parts to get another system set up... Oh well... That's all part of the game, so it's cool.

Your response did inspire a question or two, however...

Let's say I was to go ahead and burn my OS onto CDROM, get 128 megs of RAM (allocate 36 megs to system, 73 to /swap, and then 19 to /var)... How difficult would it be to create a process that would send all the logs to an email address once the available space on /var reaches a certain point (and then flush each log, clearing up space for the process to start over)?

You mentioned something about needing a second system (why? or is that only if I wanted to use disk space, but didn't have a spare drive?)

If this is a workable setup, then that's something that I would like to learn to do (maybe a future experiment in the planning).

I've heard about this once before, but it was way over my head at the time (two years playing with FreeBSD, and it seems that I've still only scratched the surface). Is there a specific name for setting up a system like this (i.e., how would I go about researching it)? Know of any good books on it?

Much thanks! (still soaking it in)

Rev

Many will ask, "Where do you want to go today?" because they're still scratching for ideas.

With *NIX, there's already a way. The sum of us just need roadmaps to get there.
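
The threshold-triggered mail-and-flush process asked about above could look like this; it is an added example, not code from anyone in the thread. `LOG_DIR`, `THRESHOLD`, `MAILTO` and `MAILER` are hypothetical settings, and the mailer is assumed to accept `-s SUBJECT ADDRESS` with the message body on stdin.

```shell
#!/bin/sh
# Added example: mail, then truncate, logs on a small RAM-backed /var
# once the filesystem passes a usage threshold. Intended to run from cron.
# All settings below are assumptions, not values from the thread.
LOG_DIR="${LOG_DIR:-/var/log}"
THRESHOLD="${THRESHOLD:-80}"            # percent used that triggers a flush
MAILTO="${MAILTO:-admin@example.org}"   # placeholder address
MAILER="${MAILER:-mail}"                # command taking: -s SUBJECT ADDRESS

# Print percent used (as a bare number) for the filesystem holding $1.
usage_pct() {
    df -P "$1" | awk 'NR == 2 { sub(/%/, "", $5); print $5 + 0 }'
}

# Mail every non-empty *.log file in $1 and truncate it only after the
# mailer reports success, so a failed send never destroys the log.
# Lines written between the read and the truncate can still be lost.
# Prints the number of files sent.
flush_logs() {
    dir=$1
    sent=0
    for f in "$dir"/*.log; do
        [ -s "$f" ] || continue         # skip empty files and unmatched globs
        if "$MAILER" -s "$(uname -n) $(basename "$f")" "$MAILTO" < "$f"; then
            : > "$f"                    # truncate in place; inode is unchanged
            sent=$((sent + 1))
        fi
    done
    echo "$sent"
}

# Flush directory $1 only when usage is at or above $2 percent.
check_and_flush() {
    pct=$(usage_pct "$1")
    if [ "${pct:-0}" -ge "$2" ]; then
        flush_logs "$1"
    else
        echo 0
    fi
}

# Run as: sh script.sh run   (for example from a cron entry)
if [ "${1:-}" = "run" ]; then
    check_and_flush "$LOG_DIR" "$THRESHOLD"
fi
```

Truncating in place rather than deleting keeps the file that a running syslogd already has open, so logging continues without restarting the daemon.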

If you are running one system (firewall) off of a CD, and you have your main system behind it, you could just run a syslog server of some type (yes, they are out there for Windows) on your main system and have your firewall send all important messages to that system.... There is no need to get so complex with email logs, etc.. etc..

I had considered that, but it would present nasty problems if my main system (I'm assuming you're talking about my web/mail server) had to be shut down or disconnected (for updating purposes, etc...).

I could be wrong, but it seems to me that the more independent a system is, the better it is for the entire LAN. The only desirable "co-dependency" on my LAN is in regards to Internet access. It just seems that is the best way (like I said, I could be wrong because I know there's a world of possibilities out there, and I still consider myself a newbie to *NIX).

Thanks for the input, though. (besides, it's not like this is something I'm going to do right away... I definitely want to learn how, but it will have to be a future project...)

Best regards,

Rev

Many will ask, "Where do you want to go today?" because they're still scratching for ideas.

With *NIX, there's already a way. The sum of us just need roadmaps to get there.

We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

The config is simple enough for anyone who knows enough about IP to be setting up a router anyway, no Linux knowledge is required (and indeed few Linux commands actually work)

It takes a while to boot from a floppy, and there doesn't seem to be any provision for backing the floppy up (except while the router is shut down), which is a pity (if you eject the disc, the router will start misbehaving in some respects as it needs to access this disc occasionally)

It has very low hardware requirements (8Mb 486), is pretty secure "out of the box" and works on most systems (Quite a few common ethernet cards are supported). A bit tricky to get right if you have non-plug and play ISA ethernet cards, but otherwise ok.

I run mine as a NAT router, DHCP server, DNS primary (for internal zone only!), and DNS cache. It also supports port forwarding but that's a bit ropey to set up.

Indeed BBIagent is like freesco (perhaps even easier to use). It's pretty secure.
But for the particular problem in this thread, if I understand correctly, BBIagent is not the best choice because it has fewer features than Freesco. Freesco can act as a simple bridge with up to 3 Ethernet segments or as a router with up to 3 Ethernet segments. While BBIagent only acts as a router / firewall / bridge between 2 ethernet segments.
WAN ----> LAN

I spent a couple of hours playing with freesco, but decided to stick with what I have (FreeBSD) for the following reasons:

blackhole settings?

tripwire, AV scanner, sendmail daemon, etc (although I could install on HDD and have the necessary realty, but that would defeat my purpose)

DoS attack "condom"

securelevel?

Not that there's anything wrong with freesco, but I like the features I have set up now... It's no "biggie." Thanks again for the responses (esp draziw... You gave me lots to think about and definitely inspired a future project)

Best regards,

Rev

Many will ask, "Where do you want to go today?" because they're still scratching for ideas.

With *NIX, there's already a way. The sum of us just need roadmaps to get there.